Quote from: Xennek on June 16, 2013, 05:59 pm
Why don't more people encrypt or at least privnote their addresses? Is there absolutely anything stopping LEAs/"good" guys running a compromised exit node from reading your order list and adding all of the addresses to a watch list? Seems like an easy way to get nabbed to me.

Quote from: tree on June 16, 2013, 06:22 pm
Why would you think that privnote is safer than using the address field? Your address is automatically deleted from SR's servers too so why use a third party to do that for you? Privnote could keep a copy of all its messages for all we know.

Quote from: SelfSovereignty on June 16, 2013, 06:41 pm
Privnote actually was -- at least at the time that I looked at it -- just as safe as PGP. Though I didn't go over it line by line or anything; still, the only real problem with it is that the code to encrypt stuff is downloaded on-the-fly from the server, and there's no guarantee that it hasn't changed since someone last looked at it.

By design, there will never be a guarantee that the code you download to encrypt the message wasn't changed the moment prior to you downloading it. That's why it isn't secure, but to my knowledge it's the only reason.

Quote from: kmfkewm on June 17, 2013, 10:03 am
SelfSovereignty please stop making claims about technical things that you very clearly don't have a clue about, it is getting extremely annoying. Privnote is not anywhere near as secure as GPG. For one they could backdoor the code just like you said. For two you need to transfer the URL in plaintext or encrypt it with GPG, opening it up to massive MITM potential. The fact that a message is deleted automatically doesn't mean jack shit since somebody who does MITM will just intercept, read, make a new message. GPG is for getting around issues like that, privnote doesn't do jack shit to solve the underlying issues. Not to mention it is written in javascript, which is hardly the ideal language for doing crypto shit in. Not to mention you have not even looked at the code so how the hell are you to know if it is secure or not? Oh not to mention when you use privnote you are weak to your Tor exit node sending you a bugged version of the javascript client.

... did I do something to offend you? Perhaps if you read 2 messages down you'd notice that I looked again and decided I was wrong. I'm not entirely sure what your tone is about, friend, but I made a statement; decided I needed to verify my statement because I couldn't quite remember what led me to the conclusion I came to; did so; decided I was wrong; and corrected it. Perhaps you'd like to tell me what I should have done, other than leaving a question completely unanswered while we all waited for you or astor to show up?

If I may indulge in a little bit of back-and-forth, if you will: anyone who says a language isn't suited to something because of its inherent properties as a language is a fool who pays more attention to standards and stereotypes than reality and truth. Any language that can accomplish something is a perfectly fine language to use for the task.

It's called Gibberish-AES, and in fact I have seen the code. Perhaps it's you who hasn't, friend.

In fact... you are so full of shit, I am not going to let this stand. Let me dissect your argument piece by piece.

Quote
Privnote is not anywhere near as secure as GPG. For one they could backdoor the code just like you said. For two you need to transfer the URL in plaintext or encrypt it with GPG, opening it up to massive MITM potential.

The question is in regard to plain text addresses, buddy. End-to-end encrypted within the Tor network. This doesn't apply.

Quote
The fact that a message is deleted automatically doesn't mean jack shit since somebody who does MITM will just intercept, read, make a new message.

Yes, this is true. It also has nothing to do with GPG since GPG doesn't make the same claim.

Quote
GPG is for getting around issues like that, privnote doesn't do jack shit to solve the underlying issues.

Plain text addresses you bloody loon, not the entire fucking universe.

Quote
Not to mention it is written in javascript, which is hardly the ideal language for doing crypto shit in.

You're a fucking idiot. Javascript to my knowledge is Turing complete. Someone will fucking write your personality in it someday, I guarantee you.

Quote
Not to mention you have not even looked at the code so how the hell are you to know if it is secure or not?

Again, Gibberish-AES. Go look it up.

Quote
Oh not to mention when you use privnote you are weak to your Tor exit node sending you a bugged version of the javascript client.

Here, however, you're correct. Which I stated initially -- no guarantee that the code will remain secure the moment before you encrypt. Why are you trying to throw my own points back at me?

In short: if you want to call someone an idiot, go look in a mirror.